From 041f85886cd99ebe5a1ba0dc7d8092e05f41d144 Mon Sep 17 00:00:00 2001
From: Adria Navarro <adria@budibase.com>
Date: Mon, 27 May 2024 14:16:03 +0200
Subject: [PATCH] Ensure consistency

---
 .../src/api/routes/tests/viewV2.spec.ts       | 38 +++++++++++++++++++
 packages/server/src/sdk/app/views/index.ts    | 22 +++++++----
 2 files changed, 52 insertions(+), 8 deletions(-)

diff --git a/packages/server/src/api/routes/tests/viewV2.spec.ts b/packages/server/src/api/routes/tests/viewV2.spec.ts
index 9b50c28649..68f1259670 100644
--- a/packages/server/src/api/routes/tests/viewV2.spec.ts
+++ b/packages/server/src/api/routes/tests/viewV2.spec.ts
@@ -294,6 +294,7 @@ describe.each([
             readonly: true,
           },
           description: {
+            visible: true,
             readonly: true,
           },
         },
@@ -306,6 +307,7 @@ describe.each([
           readonly: true,
         },
         description: {
+          visible: true,
           readonly: true,
         },
       })
@@ -348,6 +350,42 @@ describe.each([
         },
       })
     })
+
+    it("readonly fields must be visible", async () => {
+      const table = await config.api.table.save(
+        saveTableRequest({
+          schema: {
+            name: {
+              name: "name",
+              type: FieldType.STRING,
+            },
+            description: {
+              name: "description",
+              type: FieldType.STRING,
+            },
+          },
+        })
+      )
+
+      const newView: CreateViewRequest = {
+        name: generator.name(),
+        tableId: table._id!,
+        schema: {
+          name: {
+            visible: false,
+            readonly: true,
+          },
+        },
+      }
+
+      await config.api.viewV2.create(newView, {
+        status: 400,
+        body: {
+          message: 'Field "name" cannot be readonly and not visible',
+          status: 400,
+        },
+      })
+    })
   })
 
   describe("update", () => {
diff --git a/packages/server/src/sdk/app/views/index.ts b/packages/server/src/sdk/app/views/index.ts
index 68a689fb78..42c6c9079f 100644
--- a/packages/server/src/sdk/app/views/index.ts
+++ b/packages/server/src/sdk/app/views/index.ts
@@ -52,14 +52,20 @@ async function guardViewSchema(
         )
       }
 
-      if (
-        viewSchema[field].readonly &&
-        isRequired(tableSchemaField.constraints)
-      ) {
-        throw new HTTPError(
-          `Field "${field}" cannot be readonly as it is a required field`,
-          400
-        )
+      if (viewSchema[field].readonly) {
+        if (isRequired(tableSchemaField.constraints)) {
+          throw new HTTPError(
+            `Field "${field}" cannot be readonly as it is a required field`,
+            400
+          )
+        }
+
+        if (!viewSchema[field].visible) {
+          throw new HTTPError(
+            `Field "${field}" cannot be readonly and not visible`,
+            400
+          )
+        }
       }
     }
   }